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DETAILED ACTION 

1. Claims 1-9, 13-25, and 28-35 are pending in this office action. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on June 6, 2006, is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final-rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on August 
18, 2006, has been entered. 

Claim Rejections 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior office action. 


Claim Rejections - 35 USC § 103 
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5. Claims 1-9. 13-25, and 28-35 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chen et al. (U.S. Patent No. 6,061 ,796) in view of Shrader et al. 
(U.S. Patent No. 6,772,341 ), and further in view of Swift et al. (U.S. Patent No. 
6,377,691). 

Regarding claims 1, 2, 5, 14-16, and 20-23 , Chen et al. teaches a network 
system providing integration, comprising: 

• A client computer (fig. 1 A, ref. num 4); 

• A server (fig. 1 A, ref. num 1 ); 

• A server-side cryptographic function providing cryptographic services located on 
. the server (fig. 6, ref. num 23); 

• A remote access switch providing an interface between the client computer and 
the server (fig. 6, ref. num 8); 

• A client-side cryptographic function providing cryptographic services located on 
the client computer (fig. 6, ref. num 20); 

• A dial-up client for dialing the remote access switch (fig. 2-5, ref. num 25); 

• A custom script dynamically linked library providing an interface between the dial- 
up client and the client-side cryptographic function (col. 2, lines 45-61 , col. 3, 
lines 38-53, and fig. 2-5, ref. num 22); 

• Wherein the dial-up client is an executable file that loads and executes 
code in the custom script dynamically linked library (col. 8, lines 33-42, the 
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client authentication software is accessed by the client before data is sent out 
through the TDI layer, the hardware drivers, and eventually the hardware); and 

• The server-side cryptographic function sends an instruction based on the 
result to the server via the PKI-Bridge, wherein the instruction specifies 
whether the server should send an allow connection message to the 
remote access switch (fig. 7, ref. num 108, after proper authentication has 
taken place, transmission of data is allowed between clients or client and server); 

• A security device holding authentication information (col. 9, lines 1-10); and 

• A security device reader attached to the client computer for reading the security 
device (col. 9, lines 1-10). 

Chen et al. does not specifically teach a PKI-Bridge, or a directory service 
accessed by the server-side cryptographic function, or generating a challenge string, 
generating a signed response string, encoding and dividing the signed response string, 
combining and decoding the plurality of packets, and verifying the reconstructed signed 
response string to generate a result However, Chen et al. does teach of the 
SmartGATE VPN for the server, which is directly attached to the server, and therefore 
functions as the PKI-Bridge. The SmartGATE VPN is responsible for receiving 
information to enable secure communications between either a) a client and server, or 
b) a client and another client. 
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Shrader et al. teaches a directory service accessed by the server-side 
cryptographic function (col. 9, lines 39-53). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a directory service accessible by the server-side 
cryptographic function, as taught by Shrader et al. , with the network system of Chen et 
aL It would have been obvious for such modifications because the directory service 
provides keys to the server-side cryptographic function; this enables the server direct 
access to the keys. 

The combination of Chen et al. as modified by Shrader et al. still does not teach 
the following limitations. 

Swift et al. teaches wherein the server-side cryptographic function generates a 
challenge string (fig. 5A, ref. num 506), the client-side cryptographic function generates 
a signed response string in response to the challenge string (fig. 5A, rf. num 508), the 
custom script dynamically linked library encodes and divides the signed response string 
to obtain a plurality of packets (col. 1, lines 41-45), the PKI-Bridge combines and 
decodes the plurality of packets to obtain a reconstructed signed response string (col. 1, 
lines 34-37), the server-side cryptographic function verifies the reconstructed signed 
response string to generate a result (col. 8, lines 38-52). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a challenge-response system and encoding the data, 
then dividing it in blocks for transmission, as taught by Swift et al. , with the network 
system of Chen et al./Shrader et al. It would have been obvious for such modifications 
because dividing data into packets takes secured data and allows it to be sent in either 
a datagram mode or virtual circuit mode, each having their own benefits (see col. 1 , 
lines 53-67 of Swift et al.). 

Regarding claim 3 , Chen et al. as modified by Shrader et al. /Swift et al. teaches 
wherein a certificate is stored on the security device (see col. 7, lines 13-21 of Shrader 
etal.). 

Regarding claims 4, 17, and 30 , Chen et al. as modified by Shrader et al./Swift et 
aL teaches wherein the security device is a smart card (see col. 9, lines 1-10 of Chen et 
al.). 

Regarding claims 6 and 33 , Chen et al. as modified by Shrader et al./Swift et al. 
teaches wherein the directory service is lightweight directory access protocol compliant 
(see col. 9, lines 39-53 of Shrader et al.). 
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Regarding claim 7 , Chen et al. as modified by Shrader et al./Swift et al. teaches 
wherein the client-side cryptographic function and the server-side cryptographic function 
employ the same cryptographic scheme (see col. 1 1 , lines 16-23 of Chen et al.). 

Regarding claim 8 , Chen et al. as modified by Shrader et al./Swift et al. teaches 
wherein the server-side cryptographic function uses a random number generator to 
generate the challenge string (see fig. 6, ref. num 61 of Chen et al.). 

Regarding claim 9 , Chen et al. as modified by Shrader et al./Swift et al. teaches 
wherein the client-side cryptographic function uses a random number generator to 
generate the response string (see fig. 6, ref. num 61 of Chen et al.). 

Regarding claims 13, and 19 : Chen et al. as modified by Shrader et al./Swift et al. 
teaches wherein the dial-up client automates the authentication process using a hidden 
terminal operating in terminal mode (see fig. 2, ref. num 25 of Chen et al.). 

Regarding claim 18 , Chen et al. as modified by Shrader et al./Swift et al. teaches 
wherein the custom script dynamically linked library comprises a SDLogin component 
and a SDSetupDial component (see col. 3, lines 16-28 of Chen et al., dial-up internet 
access requires a user to login). 
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Regarding claims 24, 25, 28, 29, 34, and 35 , Chen et al. teaches a 
method/apparatus of integrating via a dial-up interface, comprising: 

• Sending session initiation information from a dial-up client to a server wherein 
the dial-up client is an executable file that loads and executes code in a 
custom script dynamically linked library (col. 9, lines 42-53 and col. 8, lines 
33-42, the client authentication software is accessed by the client before data is 
sent out through the TDI layer, the hardware drivers, and eventually the 
hardware); 

• Checking session initiation information by the server (col. 9, lines 53-59); 

• Forwarding the challenge string to a custom script dynamically linked library (fig. 
2, ref. num 22, the server [23] sends the challenge to the winsock first); 

• Forwarding the challenge string to the client-side cryptographic function from the 
custom script dynamically linked library (fig. 6, ref. num 61, the winsock [22] then 
forwards the challenge to the SmartGATE VPN); 

• Utilizing a private key from a security device (col. 2, lines 21-37, the reference 
incorporated by reference refers to col. 3, lines 44-59 for using a private key of a 
smart card); 

• Signing the response string with the private key of a dial-in user to obtain a 
signed response string (col. 2, lines 21-37, the reference incorporated by 
reference refers to col. 5, lines 45-56 for signing a message); 

• Forwarding the' signed response string to the custom script dynamically linked 
library (fig. 2, ref. num 20 going through 22); 
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• Forwarding the plurality of packets to the server (col. 8, lines 52-56); 

• Forwarding the reconstructed signed response string to the server-side 
cryptographic function (col. 8, lines 52-56); 

• Obtaining a public key of the dial-in user (col. 2, lines 21-37, the reference 
incorporated by reference refers to col. 1 , lines 39-49 and col. 5, lines 30-44 for 
verifying by using a public key); 

• Verifying the reconstructed signed response string based on the public key using 
the server-side cryptographic function to generate a result (col. 2, lines 21-37, 
the reference incorporated by reference refers to col. 5, lines 19-44 for verifying a 
signed message); 

• Sending an instruction to the server from the server-side cryptographic 
function via the PKI-Bridge, wherein the instruction specifies whether the 
server should send an allow connection message to the remote access 
switch based on the result (fig. 7, ref. num 108, after proper authentication has 
taken place, transmission of data is allowed between clients or client and server); 

• Reading the security device by a security device reader (col. 9, lines 1-10); 

• Forwarding the challenge string to the dial-up client (fig. 6, ref. num 61 ); 

• Forwarding the challenge string to the server (fig. 1 , ref. num 61 ); and 

• Forwarding the plurality of packets from the custom script dynamically linked 
library (fig. 2, ref. num 22, packets are forwarded from the DLL to the 
SmartGATE VPN on the client). 
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Chen et al. does not specifically teach a PKI-Bridge, generating a challenge 
string; generating a response string; dividing the encoded signed response string into a 
plurality of packets; combining the plurality of packets; encoding the signed response 
string to obtain an encoded signed response string and decoding the reconstructed 
encoded signed response string to obtain a reconstructed signed response string. 
However, Chen et al. does teach of the SmartGATE VPN for the server, which is 
directly attached to the server, and therefore functions as the PKI-Bridge. The 
SmartGATE VPN is responsible for receiving information to enable secure 
communications between either a) a client and server, or b) a client and another client. 

Shrader et al. teaches encoding the signed response string to obtain an encoded 
signed response string and decoding the reconstructed encoded signed response string 
to obtain a reconstructed signed response string (col. 11, lines 49-67). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine encoding and decoding the signed response string, as 
taught by Shrader et al. . with the method/apparatus of Chen et al. It would have been 
obvious for such modifications because encoding the signed response string prevents 
attackers from "seeing" what the response should look like. This prevents replay- 
attacks. 
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The combination of Chen et al. as modified by Shrader et al. still does not teach 
the following limitations. 


Swift et al. teaches generating a challenge string by a server-side cryptographic 
function (fig. 5A, ref. num 506); generating a response string in response to the 
challenge string (fig. 5A, ref. num 508); dividing the encoded signed response string into 
a plurality of packets (col. 1, lines 41-45); and combining the plurality of packets to 
obtain a reconstructed encoded signed response string (col. 1, lines 34-37). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a challenge-response system and encoding the data, 
then dividing it in blocks for transmission, as taught by Swift et al. , with the 
method/apparatus of Chen et al. /Shrader et al. It would have been obvious for such 
modifications because dividing data into packets takes secured data and allows it to be 
sent in either a datagram mode or virtual circuit mode, each having their own benefits 
(see col. 1, lines 53-67 of Swift et al.). 

Regarding claim 31 Chen et al. as modified by Shrader et al./Swift et al. teaches 
wherein the session initiation information comprises version information and a 
distinguished name (see col, 8, lines 9-51 of Shrader et al.). 
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Regarding claim 32 , Chen et al. as modified by Shrader et al. /Swift et al. teaches 


Shrader et al.). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 

272- 3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


wherein the public key is stored on a directory service (see col. 7, lines 13-21 of 
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